KR101676544B1 - Method, apparatus, system and medium for sps authentication - Google Patents

Abstract

A method and apparatus for SPS authentication for use with GPS, for example, is disclosed. The method includes receiving a first set of Y codes from a plurality of satellites, using the W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites, And generating an authentication response in accordance with the authentication decisions made for the satellite channels.

Description

[0001] METHOD, APPARATUS, SYSTEM AND MEDIUM FOR SPS AUTHENTICATION FOR SPS AUTHENTICATION [0002]

This application claims the benefit of US Application No. 13 / 679,820 entitled " SPS Authentication ", filed November 16, 2012, and claims the benefit of U.S. Provisional Application Serial No. 61 / 561,824, filed November 18, 2011, entitled " GPS Authentication " Claim profits. The above-mentioned US applications are incorporated herein by reference in their entirety.

This disclosure relates to authentication. In particular, this disclosure relates to satellite positioning systems (SPS) and satellite signal authentication.

Conventional ad-hoc solutions require that they remove GNSS positions and velocities that do not match the sensor readings, or that they are much stronger than the actual signal (fake ), It just does not meet the need for strong authentication, just checking for the internal consistency of the signals, such as removing signal levels that may be too high, caused by attempts to overwhelm the receiver Respectively.

Another conventional approach is to use a broadband antenna by pointing high gain antennas at each satellite to compensate for the lack of correlation gain, which may be obtained by correlating with a known version of the local code and estimating the Y code per satellite in real- And extracts the Y code from the cast satellites. This approach collects raw data from satellites and correlates them with other samples from the receiver where the position needs to be authenticated. Inphase and quadrature (I / Q) samples are collected by knowing the position of each satellite from the estimated position by randomly tracking the satellite position with steerable high gain antennas. An antenna gain on the order of 30 dB may generally be sufficient for this approach (which may be obtained, for example, by a parabola antenna with a diameter of about 2 to 3 meters). The satellite selection is made by spatial diversity, for example, assuming that the antenna is correctly pointing to the satellite and the other satellite is not crossing the high gain antenna beam. However, this approach may form ambiguities that are correlated with respect to the signal, and may require explicit antenna configurations.

Another problem with this conventional approach is that a coarse acquisition (C / A) code is also received with the Y code as it is orthogonal to the Y code. The I / Q samples need to be rotated orthogonally to the C / A code to have only the Y code that persists within the raw signal. As a result, with conventional approaches, each satellite is tracked separately by a separate mobile high gain antenna, which significantly increases its cost.

Also, when satellites cross paths, there may be ambiguity about which satellites are being tracked, and authentication with these satellites may need to be temporarily suspended. In some conventional solutions, to reduce cost, only one Y-code signal can be authenticated, the remainder being considered real. These solutions limit the level of protection that can be provided as they do not cover the case of actually collected signals (including all Y-codes) in situations where fake C / A codes are superimposed.

Thus, there is a need for methods and systems that can address the issues of the prior art solutions described above.

This disclosure relates to SPS satellite signal authentication, also referred to as antispoofing. According to embodiments of the present disclosure, a method includes receiving a first set of Y codes from a plurality of satellites, receiving W from a first set of Y codes for satellite channels corresponding to a plurality of satellites, Generating authentication decisions using the code estimates, and generating an authentication response in accordance with the authentication decisions generated for the satellite channels.

In another embodiment, a method of authenticating a mobile device comprises receiving a first set of Y codes from a plurality of satellites via trusted satellite broadcast, receiving a first set of Y codes from a plurality of satellites via a mobile device, Generating authentication decisions using W code estimates extracted from a first set of Y codes and a second set of Y codes for satellite channels corresponding to a plurality of satellites, And generating an authentication response in accordance with the authentication decisions made for the satellite channels.

In yet another embodiment, an apparatus includes an authentication module that includes processing logic. The processing logic includes logic configured to receive a first set of Y codes from a plurality of satellites over a trusted satellite broadcast, logic configured to receive a second set of Y codes from a plurality of satellites via the mobile device, Logic configured to generate authentication decisions using W code estimates extracted from a first set of Y codes and a second set of Y codes for satellite channels corresponding to a plurality of satellites, And logic configured to generate an authentication response in accordance with the authentication decisions.

Yet another embodiment is a non-transitory medium for storing instructions for execution by one or more computer systems, the instructions comprising: receiving a first set of Y codes from a plurality of satellites at a mobile device, Code for generating authentication decisions using W code estimates extracted from a first set of Y codes for satellite channels corresponding to a plurality of satellites, and code for generating authentication decisions Lt; RTI ID = 0.0 > a < / RTI >

In another embodiment, a system includes at least one processor and an authentication module configured to work with the at least one processor. The authentication module comprises means for receiving a first set of Y codes from a plurality of satellites over a trusted satellite broadcast, means for receiving a second set of Y codes from a plurality of satellites via a mobile device, Means for generating authentication decisions using W code estimates extracted from a first set of Y codes and a second set of Y codes for satellite channels corresponding to a plurality of satellites, And means for generating an authentication response in accordance with the authentication decisions.

In another embodiment, the method includes receiving the encrypted code, determining information about the sequence used to encrypt the encrypted code, and transmitting the information to the device for authentication , And transmitting the information is based at least in part on the extracted sequence for the device for authentication.

BRIEF DESCRIPTION OF THE DRAWINGS The foregoing features and advantages of the present disclosure, and additional features and advantages thereof, will be more clearly understood after reading the detailed description of the embodiments of the present disclosure in conjunction with the following drawings.
1 illustrates a method for estimating a W code using dual frequencies, in accordance with some aspects of the present disclosure.
Figure 2 illustrates another method of estimating W code, in accordance with some aspects of the present disclosure.
Figure 3 shows a server based on an authentication solution, in accordance with some aspects of the present disclosure.
Figure 4 illustrates exemplary functional blocks of the server of Figure 3, in accordance with some aspects of the present disclosure.
Figure 5 illustrates a mobile based authentication solution, in accordance with some aspects of the present disclosure.
Figure 6 illustrates exemplary functional blocks of the mobile and server of Figure 5, in accordance with some aspects of the present disclosure.
7 shows an exemplary block diagram of an apparatus for GPS authentication, in accordance with some aspects of the present disclosure.
Figure 8 illustrates a method for authenticating a mobile device, in accordance with some aspects of the present disclosure.
9 illustrates a method for authenticating radio frequency signals, in accordance with some aspects of the present disclosure.
10 illustrates a method for transmitting information for authentication, in accordance with some aspects of the present disclosure.

Embodiments of SPS authentication are disclosed. The following description is provided to enable any person of ordinary skill in the art to make and use the present disclosure. The specific embodiments and descriptions of applications are provided by way of example only. Various modifications and combinations of the examples described herein will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other examples and applications without departing from the spirit and scope of the disclosure. Accordingly, the present disclosure is not intended to be limited to the examples illustrated and described, but should be accorded the widest scope consistent with the principles and features disclosed herein. The word "exemplary" or "example" is used herein to mean "serving as an example, instance, or illustration. Any aspect or embodiment described herein as "exemplary" or "exemplary" is not necessarily to be construed as preferred or advantageous over other aspects or embodiments.

The authentication of the position and / or time may be performed in real time, as opposed to being played back from recording of real data, for example, from positional and / or time calculations from legitimate over-the-air SPS broadcasts, Lt; Desc / Clms Page number 3 > incoming radio signals. Embodiments of the present disclosure may include: 1) a wireless signature in an RF spectrum that may be identified, for example, in signals received by a mobile computing device that is difficult to construct and to be authenticated; 2) a reference to the same signal acquired around the same time in a reliable manner; 3) a secure way to send to the entity that proves the signature; And / or 4) a trusted CA that can compare both and securely convey an indication of the authenticity of the position to the end user of the certificate (which may or may not be the user of the mobile device). It is noted that embodiments are described herein using GPS as an example. However, the descriptions provided herein may be applied to other types of SPS applications.

Embodiments of the present disclosure may be applied in some implementations to authenticate mobile devices in banking and e-commerce applications. For example, the bank may send an authentication request to the mobile device executing the banking application. In response, the mobile device may transmit the received satellite broadcast data to the server for authentication. The server may use the corresponding satellite broadcast received over the previously verified channel to authenticate the mobile device and may generate an authentication response to the bank. As another example, the merchant may send an authentication request to a mobile device executing an online shopping program. In response, the mobile device may transmit the received satellite broadcast data to the server for authentication. The server may use the corresponding satellite broadcast received over the previously verified channel to authenticate the mobile device, and may generate an authentication response to the merchant. In some embodiments, the mobile device may report or provide location, position, and / or GPS data to, for example, a bank or e-commerce entity or other entity. Certain embodiments described herein may be used to verify or authenticate position, position, and / or GPS data.

Figure 1 illustrates a method for estimating a W code using dual frequencies, in accordance with some aspects of the present disclosure. In the exemplary implementation shown in FIG. 1, the method determines correlations between two input frequency carriers, i.e., satellite signals from L1 and L2. The method includes a C / A code tracking block 102, a chip timing extraction block 104, a P code chip timing generation block 106, a P code local generator block 108, an adjustable delay block 110, a W The first XOR block 114, the first integration and dump block 116, the second XOR block 118, the second integration and dump block 120, the summation block 122, , And / or a threshold block 124. [ According to aspects of the present disclosure, input signals may be processed and transmitted between the blocks shown in FIG. The method for estimating the W code described in FIG. 1 may be used for W code extraction, for example, in one or more blocks 404 and / or 610, as described in FIGS. 4 and 6 below .

According to certain embodiments of the present disclosure, a single antenna may be used to collect signals from a plurality of satellites in view from a given location, instead of tracking each satellite individually with high gain. In the exemplary implementation shown in FIG. 1, the Y code is generated by XOR-multiplying the (issued) P code and the W code (generated locally using cryptographic keys). The W code can be specific to each satellite. In one approach, the W code (0.5 MHz) can be extracted for each satellite by multiplying by the P code on the L1 signal and by the delayed P code on the L2 side, and thus the two versions of the W code estimate Can be obtained. In some embodiments, Ll and L2 may represent different carrier frequencies. In some embodiments, one of the W code estimates may be selected for use, and two versions of the W code estimate may be reassembled to obtain a W code estimate. Each W code estimate may be satellite dependent or may be extracted separately.

The W code estimate on the L1 side may be performed by phase synchronizing the local oscillator on the C / A code and then collecting the C / A code signal and the rotated signal at 90 degrees in the quadrature. Timing is extracted from the C / A code timing and applied to the quadrature signal to integrate and dump the signals. Each W code chip may be integrated during the duration of the W code chip.

According to the embodiments of the present disclosure, a similar operation may be performed on the L2 side. Both integration and dump outputs may be summed and then compared to a threshold, e. G., A zero threshold. If the output is positive, the W code chip estimate is +1; Otherwise, the W code chip estimate is -1. The combination of integration and dump outputs prior to the W code chip estimate may result in an equivalent signal-to-noise ratio (SNR) above 3 dB and thus may result in a lower chip error rate.

The W code estimates described above may be implemented with a server-based authentication solution, which will be described below in connection with Figures 3 and 4. Alternatively or additionally, it may be implemented as a mobile-based authentication solution, which is described below in connection with Figures 5 and 6. [

Figure 2 illustrates another method of estimating W code, in accordance with some aspects of the present disclosure. In the exemplary embodiment shown in FIG. 2, the method estimates the W code using a single frequency carrier, i.e., the L1 IF output. The method includes a C / A code tracking block 202, a chip timing extraction block 204, a P-code chip timing generation block 206, a P-code local generator block 208, an adjustable delay block 210, a W Code chip timing generation block 212, XOR block 214, integration and dump block 216, and / or threshold block 218. According to aspects of the present disclosure, the input signal L1 IF output can be processed and transmitted between the blocks shown in FIG. The method for estimating the W code described in FIG. 2 may be used for W code extraction, for example, in one or more blocks 404 and / or 610, as described in FIGS. 4 and 6 below .

In the exemplary implementation shown in FIG. 2, the W code estimate may be implemented using a single frequency carrier. The final authentication involves correlating, for each satellite, a W code estimate from a server (e.g., which is real, received from an enabled and protected location) and a W code estimate from a mobile device (to be authenticated) ≪ / RTI > may be accomplished by combining authentication decisions from a plurality of users into a global decision.

According to the embodiments of the present disclosure, there are a number of ways to apply the methods described in Figures 1 and 2. For example, in one approach, the mobile collects I / Q samples and sends them to an " as is "authenticating authority to allow the certification authority to extract the W code before the comparison occurs Allow. In another approach, the W code may be extracted locally at the mobile device, the W code estimate may be sent to the certificate authority, which can then perform the comparison. The latter approach has the advantage of having a very low payload and may shift some functions to the mobile device to implement correlation with the P code. Thus, the mobile device may be configured to determine and send W code or I / Q samples that may be used to determine the W code, or otherwise output.

In other embodiments, for example, in embodiments that utilize access permissions for Y code generation keys and algorithms, the Y code may not be collected in real time, but rather may be synthesized locally when needed. This approach may provide stronger authentication as the Y code may be generated ahead of the broadcast time and sent to the authentication entity thus reducing authentication latency and reducing replay threats.

As shown in the examples above, this disclosure has provided numerous advantages. First, a single antenna without tracking or operational capabilities may be used at each reference location for the configuration described in connection with FIG. 1 and / or FIG. In other embodiments, the Y code may be synthesized locally if access authorization for the Y code generation keys and algorithm is available. Second, if the W code is transmitted instead of transmitting I / Q samples, the transmitted RF signature may be very small. Note that the RF signature may be a message that is sent to the certificate authority by the mobile. It may be a raw I / Q samples, or a W sequence. The RF signal can be used to indicate the signal the receiver uses to calculate its position. In this way, authentication may be performed without significant overhead traffic, and data exchanged between the mobile and the server may be kept relatively low. Also, at least in some of the disclosed embodiments, the processing gain may be reduced or eliminated.

According to certain embodiments of the present disclosure, the W code may be a pseudorandom sequence generated by a satellite and may be mixed (XOR) with a P code for Y code generation. The disclosed methods may extract and estimate W from I / Q samples, including "data" that may be transmitted as a signature to a certificate authority. It is noted that the W code may include 512 KB per second and a W code estimate of 250 to 500 chips or a W code collection of 0.4 ms (milliseconds) to 0.8 ms is sufficient for authentication.

In some approaches, 250 to 500 chips may be used for positive correlation (also referred to as comparison) of the W code. This is an estimate based at least in part on the size of the secure cryptographic keys in the modern cryptosystem, on the order of 256 to 500 bits. To collect 250 to 500 chips, IQ samples of 0.4 ms to 0.8 ms at a chip rate of about 500 KHz may be used to estimate the amount of chips. In this way, fewer chips may be used than in some other ways. In some implementations, W code-capable receivers may be used to output the W code. For example, survey grade GPS receivers may be configured to use some form of internal W code estimation (e.g., semi-codeless) to generate full carrier phase measurements, May be modified to output the W code.

It is noted that some embodiments disclosed herein may work in very low SNR (signal to noise ratio) environments, e.g., in some applications at low levels of indoor tracking capabilities of existing high sensitivity receivers . In these applications, longer W code estimates may be employed to compensate for higher chip error rates. Note that there may be advantages in that a sensitive receiver may be able to work wherever it can be tracked. This is not the case for conventional message-based authentication methods (some of the broadcast messages are encrypted), which may only work at compatible SNR levels with good message decoding performance. For very low SNR, erroneous W code chips in the estimate may increase; Thus, more chips can be used in comparisons to compensate for this lower quality, and still obtain an acceptable cross-correlation level for authentication purposes.

According to the embodiments of the present disclosure, the correlation may be made for the estimated W code with a chip error of approximately 1%. In order to reach a given level of performance, a longer sample duration (longer message size) may be used in the mobile device. In some implementations, the long sample duration may be mitigated by extracting W code chips at the mobile device and by sending estimated chips that may be denser than I / Q samples.

Figure 3 shows a server based on an authentication solution, in accordance with some aspects of the present disclosure. In the exemplary implementation shown in FIG. 3, authentication may be by a server, for example, server 306. Each individual authentication operation may be supported by the server 306. [ As shown in FIG. 3, the satellite 302, the entity being authenticated (mobile device) 304, the authenticating consumer / requestor (eg bank) 308, and the server 306 may communicate with each other. In this example, a broadcast from satellite 302 is received at both mobile 304 and server 306. The spoofing attack may be for a signal to be received by the mobile 304. The authentication consumer 308 may send an authentication request to the mobile 304 and / or the server 306. The mobile 304 may send the compressed raw data to the server for authentication or the authentication consumer 308 may receive such data from the mobile 304 and send the data to the server 306. This data may include Y code, W code, IQ samples, signature, information described above, and / or other data. The server 306 may retrieve the W codes received from, for example, the mobile 304 and / or the authentication consumer 308 and / or from the data received from the mobile 304 and / And sends an authentication response to the authenticating consumer 308 upon completion of the authentication based on the W < RTI ID = 0.0 >

The authentication request, the compressed raw data, and the authentication response messages may be encrypted between the devices; Accordingly, it should be noted that authentication requests, compressed raw data, and authentication response messages, and / or other embodiments described herein may be used to reduce or eliminate spoofing. In this example, the RF signal received at the user mobile device (e.g., from an RF simulator that generates for public GPS-like signals) may be assumed to be vulnerable. As described below, RF signals received at a server, which may include a reference station, may be assumed to be secure, or may be considered to be verified or trusted. Authentication may be consumed by an authentication consumer, such as a bank. For example, authentication may be performed for authentication of a fund transfer triggered by a mobile user. For example, to determine whether to grant a fund transfer, authentication may be used to verify the identity of the mobile, the location of the mobile, the position, and / or the GPS data.

Figure 4 illustrates exemplary functional blocks of the server, e.g., server 306, of Figure 3, in accordance with some aspects of the present disclosure. As shown in FIG. 4, the server 400 may be configured to receive, based at least in part on signals received from one or more satellites, e.g., one or more satellites 302, Authentication is performed. The satellite signals received by the GNSS antenna 402 of the server may be verified through various means in some embodiments and thus considered to be trusted (and valid), and based on being received in a secure or trusted location Or may be considered to be trusted based on one or more other metrics, or may be estimated to be valid by the server 400 in some embodiments. In one exemplary approach, a comparison 410a for blocks and code extraction 404a, W code extraction 406a, correlation 408a, and thresholds is performed to process signals received from SAT1 and to compare And to generate an authentication decision. For example, the W code extraction block 404a may form a first W code estimate using the I / Q samples from the GNSS antenna 402 of the server 400 and the P code from SAT1. W code extraction block 406a may use the I / Q samples from mobile device 304 and the P code from SAT1 to form a second W code estimate. The first W code estimate and the second W code estimate may then be correlated in a correlation block 408a and the output of the correlation block 408a may be compared to a threshold at block 410a to generate signals Lt; / RTI >

The operations described with reference to SAT 1 may be performed on signals received from other satellites. For example, the W code extraction block 404b may form a third W code estimate using I / Q samples from the GNSS antenna 402 of the server 400 and P codes from SAT N. W code extraction block 406b may use the I / Q samples from the mobile and the P code from SAT N to form a fourth W code estimate. The third W code estimate and the fourth W code estimate may then be correlated in correlation block 408b and the output of correlation block 408b may be compared to a threshold at block 410b to generate signals Lt; / RTI >

The general authentication block 412 may then take individual authentication decisions from the blocks 410 for signals received from each satellite to generate a combined authentication response that may be the global determination generated by the server 400 have. In some implementations, the server 400 may wait for all individual authentication decisions to be made before making a global determination. In some implementations, the server 400 may add a respective individual authentication decision to signals received from the satellite as each individual authentication decision becomes available. The server 400 then compares the sum of the correlations against a predetermined global determination to make an authentication decision. In this manner, the server 400 may stop waiting for additional individual authentication decisions after a predetermined global threshold has been reached (e.g., 95% of the individual decisions have been received).

Note that the predetermined global threshold may be based on the number of satellites and / or the expected chip error rate for the base station and / or mobile. In some implementations, the predetermined global threshold may depend on the signal-to-noise ratio (SNR). For example, if the SNR is low, it may be assumed that the bit rate may be higher. The predetermined global threshold may be adjusted to be lower when there is a high false positive rate.

Figure 5 illustrates a mobile based authentication solution, in accordance with some aspects of the present disclosure. In this exemplary approach, broadcast from satellite 502 is received at both mobile 504 and server 506. [ The spoofing attack may be for a signal to be received by the mobile 504. Mobile 504 can be both an authentication requester and an authenticated consumer. The mobile 504 receives the reference compressed W data from the server 506 and performs authentication of the broadcast signals received from the satellite 502 using the compressed W data. The mobile 504 may additionally or alternatively receive either Y code, IQ samples, signature, the above described information, and / or other data from the server 506, and may authenticate the broadcast signals You can also extract the W code there to do it.

In this approach, the load on the server (e. G., Reference data broadcast) may be lighter. This is because compression and correlation may be done on the board of the mobile device. In this case, the mobile device may be considered secure, and the environment may be considered hostile. The embodiments described herein may be used to detect tampering of received signals and to report such tampering to a mobile user. Authentication requests may be generated and consumed within the mobile as an authentication response does.

Figure 6 illustrates exemplary functional blocks of the mobile and server of Figure 5, in accordance with some aspects of the present disclosure. Authentication may be consumed by a mobile device (e.g., a user). Another example of authentication in this case may be for aircraft GPS navigation, where the aircraft may authenticate the GPS navigation signals it received using the methods described in Figures 5 and 6. [ 6, block 602 represents the functions performed by server 506, and block 606 represents functions performed by mobile 504. In one embodiment, Reference broadcast messages 604 may be sent from the server 506 to the mobile 504. [

In one exemplary approach, the server 602 may be configured to receive signals from one or more satellites, e.g., P-codes from one or more satellites 502, which may include SAT 1 to SAT N have. The satellite signal received by the GNSS antenna 608 of the server 602 may be considered valid. W code extraction block 610a may form a first W code estimate using I / Q samples from GNSS antenna 608 and P codes from SAT1. Similarly, W code extraction block 610b may form an Nth W code estimate using I / Q samples from GNSS antenna 608 and P codes from SAT N. W code estimates may be sent to mobile 606 as reference broadcast messages 604. [

According to an exemplary approach, blocks and code extraction 612a and SAT 1 W code correlation 614a are configured to process signals received from SAT 1 and generate an authentication decision associated with SAT 1. For example, the W code extraction block 612a may use the I / Q samples received by the mobile 606 and the P code from SAT1 to form a second W code estimate. The first W code estimate and the second W code estimate (from server 602) may then be correlated in the SAT 1 W code correlation 614a to generate an authentication decision for the signals received from SAT1 .

The operations described with reference to SAT 1 in mobile 606 may be performed on signals received from other satellites. For example, the W code extraction block 612b may form a third W code estimate using the I / Q samples received by the mobile 606 and the P code from SAT N. The Nth W code estimate and the third W code estimate (from server 602) may then be correlated in SAT NW code correlation block 614b to generate an authentication decision for signals received from SAT N .

The general authentication block 616 may then take individual authentication decisions from the blocks 614 for signals received from each satellite to generate a combined authentication response that may be the global determination generated by the mobile 606 have. In some implementations, the mobile 606 may wait for all individual authentication decisions to be made before making a global determination. In some implementations, the mobile 606 may add each individual authentication decision to signals received from the satellite as each individual authentication decision becomes available. Mobile 606 may then make a global authentication decision. In this manner, the mobile 606 may stop waiting for additional individual authentication decisions after a predetermined global threshold has been reached (e.g., 90% of the decisions from the individual satellite path have been received).

Note that the predetermined global threshold may be based on the number of satellites and / or the expected chip error rate for the base station and / or mobile. In other implementations, the predetermined global threshold may depend on the signal-to-noise ratio (SNR). For example, if the SNR is low, it may be assumed that the bit rate may be higher. The predetermined global threshold may be adjusted to be lower when there is a high false positive rate.

In some embodiments, the methods described herein may be applied to authenticating RF signals from a satellite. When this signal is authenticated, the RF signal may be considered to come from a live broadcast and may not need to be further authenticated. This approach may be challenging in replay situations where the actual signal may be collected by a spoofer and the fake C / A code signals may be superimposed on the live record. In this situation, authentication may be achieved, but the C / A code signals used for position calculation may be tampered with. To address this issue, any of the methods described herein may be used to first authenticate all Y code signals present in the received RF. Then, the timing of the P code found in the RF signature transmitted by the user mobile receiver to the server and the timing of the C / A code may be verified (aligned). It is desirable in many scenarios that the position computed by the mobile device (from the C / A code that may be present in the RF signature) is using C / A actual broadcast signals, and that the position can be trusted. The authentication server may also be configured to check the mobile position by calculating it from the RF signature. The authenticated position may be communicated from the authentication server to the authenticating consumer and thus may not need to be computed by the mobile device.

7 shows an exemplary block diagram of an apparatus for GPS authentication, in accordance with some aspects of the present disclosure; In some embodiments, the apparatus shown in FIG. 7 and / or described below may be used to implement a server, e. G., Server 306, 400, 506, and / or 606 in any of Figs. May be used. In some embodiments, the device shown in FIG. 7 and / or described below is a mobile device in any of FIGS. 3, 5, and 6, for example, a mobile device 304, 504, and / 0.0 > 602 < / RTI > 7, an antenna 702 receives the modulated signals from the base station and provides the received signals to a demodulator (DEMOD) portion of the modem 704. The demodulator processes (e.g., conditions and / or digitizes) the received signal and obtains input samples. It may further perform orthogonal frequency division multiplexing (OFDM) demodulation on input samples and provide frequency domain received symbols for all subcarriers. RX data processor 706 processes (e.g., symbol demaps, deinterleaves, and / or decodes) the frequency domain received symbols and provides decoded data to the controller / processor 708 of the device. In some implementations, antenna 702 may be configured to receive and / or transmit GPS signals or other SPS signals from one or more satellites. In some embodiments, the device includes a separate antenna (not shown) for receiving such GPS or other SPS signals. For example, antenna 402 or 608 may be included in the device. Also, separate receiving and / or processing circuitry and / or software may be included in the device for processing these signals and may be coupled to the controller / processor 708, memory 712, and / or authentication module 714, Lt; / RTI >

Controller / processor 708 may be configured to control the device to communicate with other devices over the wireless network. TX data processor 710 may include signaling symbols that may be processed by, for example, a modulator (MOD) of modem 704 and transmitted to a base station or directly to another device, e.g., via antenna 702, Data symbols, and / or pilot symbols. Controller / processor 708 also directs the operation of the various processing units in the device. Memory 712 may be configured to store data and program codes for the device. Authentication module 714 may be configured to perform the methods of authentication described above. For example, authentication module 714 and / or controller / processor 708 may include one or more of blocks 402-412 shown in Figure 4 or one or more of blocks 612-616 shown in Figure 6 As shown in FIG. As another example, authentication module 714 and / or controller / processor 708 may be utilized to implement one or more of blocks 608 and 610 shown in FIG. In some implementations, portions of the functionality of controller / processor 708 and authentication module 714 may be implemented in multiple devices, such as in one or more mobile devices and / or servers. In some other implementations, controller / processor 708 and authentication module 714 may reside in the server to implement the methods of GPS authentication described in connection with Figs. 1-6. In some other implementations, controller / processor 708 and authentication module 714 may reside in the mobile device to implement the methods of GPS authentication described in connection with Figs. 1-3 and 5-6. Although the authentication module 714 is shown separate from the other elements in the device shown in FIG. 7, the authentication module 714 may be implemented by other elements, such as the controller / processor 708, And / or in memory 712, or in another processor and / or memory of the device, or in one or more other elements of the device.

According to some aspects of the present disclosure, the functions described in Figures 8, 9, and / or 10 may be performed by the controller / processor 708 or authentication module 714 of Figure 7, or potentially by one or more other Elements, in combination with the two elements. In some implementations, the functions may be performed by processor 708, software, hardware, and firmware, or a combination thereof, to perform the various functions of the apparatus described in this disclosure.

Figure 8 illustrates a method for authenticating a mobile device, in accordance with some aspects of the present disclosure. At block 802, processor 708 and / or authentication module 714 may be configured to receive a first set of Y codes from a plurality of satellites over a trusted satellite broadcast. At block 804, processor 708 and / or authentication module 714 may be configured to receive a second set of Y codes from a plurality of satellites via the mobile device. At block 806, the processor 708 and / or the authentication module 714 use the W code estimates extracted from the first set of Y codes and the second set of Y codes for the satellite channels corresponding to the plurality of satellites To generate authentication decisions. At block 808, the processor 708 and / or the authentication module 714 may be configured to generate an authentication response in accordance with the authentication decisions made for the satellite channels. In some embodiments, the W codes extracted from the first set of Y codes may be received or obtained at 802 in addition to or instead of receiving the first set of Y codes. In some embodiments, IQ samples, from which W codes may be derived, are received or obtained at 802 in addition to or instead of receiving a first set of Y codes. In some embodiments, the W codes extracted from the second set of Y codes may be received or obtained at 804 in addition to or instead of receiving the second set of Y codes. In some embodiments, IQ samples, from which W codes may be derived, are received or obtained at 804 in addition to or instead of receiving a second set of Y codes.

According to some embodiments of the present disclosure, the methods performed at block 806 may further include methods performed at block 810. [ At block 810, processor 708 and / or authentication module 714 may be configured to generate a set of P codes corresponding to a plurality of satellites using a first set of Y codes; For each Y code associated with a satellite channel, the processor 708 and / or the authentication module 714 may generate a corresponding Y code from the first set of Y codes to generate a first W code estimate, A second W code extraction using the corresponding Y code from the second set of Y codes and a corresponding generated P code to generate a second W code estimate, Lt; / RTI > Correlating the first W code estimate and the second W code estimate to produce a correlation output; And generates an authentication decision for the satellite channel according to the correlation output.

According to embodiments of the present disclosure, the methods performed in block 808 may further include methods performed in blocks 812 and 814. [ For example, at block 812, the processor 708 and / or the authentication module 714 may combine authentication decisions from each satellite channel to generate an integrated authentication decision, and send the integrated authentication decision to a predetermined global threshold To generate an authentication response. ≪ RTI ID = 0.0 > The predetermined global threshold is based on at least one of the number of satellite channels used in determining the authentication response, the expected chip error rate of the first W code extraction and the second W code extraction, and the signal-to- . At block 814, the processor 708 and / or the authentication module 714 combines the authentication decisions from each satellite channel as the authentication decisions become available to generate an integrated authentication decision, And compare against a predetermined global threshold to generate an authentication response.

9 illustrates a method for authenticating radio frequency signals, in accordance with some aspects of the present disclosure. 9, processor 708 and / or authentication module 714 may send a first set of Y codes from a plurality of satellites to a mobile device (e.g., mobile 504) Lt; / RTI > At block 904, the processor 708 and / or the authentication module 714 may generate the authentication decision using the W code estimates extracted from the first set of Y codes for the satellite channels corresponding to the plurality of satellites Lt; / RTI > At block 906, the processor 708 and / or the authentication module 714 may be configured to generate an authentication response in accordance with the authentication decisions made for the satellite channels.

According to embodiments of the present disclosure, the methods performed at block 904 may further include methods performed at block 910. [ At block 910, processor 708 and / or authentication module 714 may be configured to generate a set of P codes corresponding to a plurality of satellites using a first set of Y codes. For each Y code associated with a satellite channel, the processor 708 and / or the authentication module 714 may generate a corresponding Y code from the first set of Y codes to generate a first W code estimate, Performing a first W code extraction using the first and second W code estimates, and receiving a second W code estimate, correlating the first W code estimate and the second W code estimate to produce a correlation output, May be configured to generate an authentication decision. According to an embodiment of the present disclosure, the methods performed in block 906 may further include methods performed in blocks 912 and 914. [ For example, at block 912, the processor 708 and / or the authentication module 714 may combine the authentication decisions from each satellite channel to generate an integrated authentication decision and send the integrated authentication decision to a predetermined global threshold To generate an authentication response. ≪ RTI ID = 0.0 > The predetermined global threshold may be determined based on at least one of the number of satellite channels used in determining the authentication response, the expected chip error rate of the first W code extraction, and the signal-to-noise ratio of the satellite channels. At block 914, the processor 708 and / or the authentication module 714 combines the authentication decisions from each satellite channel as the authentication decisions become available to generate an integrated authentication decision, And compare against a predetermined global threshold to generate an authentication response. Note that the second W code output may include a reference broadcast message from a trusted server. The second W code output may be generated using Y code and I / Q samples from a trusted server. Performing the first W code extraction may comprise generating a first W code estimate using a plurality of frequency carriers.

Figure 10 illustrates a method for transmitting information for authentication in accordance with some aspects of the present disclosure. 10, processor 708 and / or authentication module 714 may be configured to receive the encrypted code at block 1002. [ At block 1004, processor 708 and / or authentication module 714 may be configured to determine information about the sequence used to encrypt the encrypted code. At block 1006, the processor 708 and / or the authentication module 714 may be configured to send the information to the device for authentication, where transmitting the information may include, at least in part, do.

According to embodiments of the present disclosure, the methods performed in block 1002 may further include methods performed in block 1008. [ For example, the processor 708 and / or the authentication module 714 may be configured to receive a ranging signal that includes an encrypted code, where the ranging signal includes a GNSS broadcast.

The methods performed in block 1004 may further include methods performed in block 1010, which may be performed again in blocks 1020 and 1022. [ For example, the processor 708 and / or the authentication module 714 may be configured to extract a sequence used to encrypt the encrypted code. The information may include an extracted sequence. At block 1020, the processor 708 and / or the authentication module 714 may be configured to multiply the code encrypted by the code representing the encrypted code before encryption. At block 1022, the processor 708 and / or the authentication module 714 may be configured to receive the encrypted code over a first frequency, which further includes receiving the encrypted code over the second frequency And the information may include an estimate of the sequence based on the combination of the sequence extracted from the code received on the first frequency and the sequence extracted from the code received on the second frequency. The encrypted code may include a P code, and the sequence may include a W code.

The methods performed in block 1006 may further include methods performed in block 1012. [ At block 1012, the processor 708 and / or the authentication module 714 may be configured to send its (I / Q) samples to the device to have the source of the authenticated signal and the extracted sequence. The device may include a remote authentication server configured to authenticate the source from which the encrypted code was sent. The processor 708 and / or the authentication module 714 may further be configured to receive an indication from the device that the encrypted code is authentic and receive an indication from the device that the source from which the encrypted code was transmitted is authentic .

At least the paragraphs, FIGS. 7, 8 and their corresponding explanations provide means for receiving a first set of Y codes from a plurality of satellites via trusted satellite broadcast; Means for receiving a second set of Y codes from a plurality of satellites via a mobile device; Means for generating authentication decisions using W code estimates extracted from a first set of Y codes and a second set of Y codes for satellite channels corresponding to a plurality of satellites; And means for generating an authentication response in accordance with the authentication decisions made for the satellite channels. At least the paragraphs, FIGS. 7, 8, and their corresponding explanations provide means for generating a set of P codes corresponding to a plurality of satellites using a first set of Y codes; For each Y code associated with the satellite channel, perform a first W code extraction using the corresponding Y code from the first set of Y codes and the corresponding generated P code to generate a first W code estimate Means for; And means for performing a second W code extraction using a corresponding Y code and a corresponding generated P code from a second set of Y codes to produce a second W code estimate; Means for correlating the first W code estimate and the second W code estimate to produce a correlation output; And means for generating an authentication decision for the satellite channel in accordance with the correlation output.

At least [0046], [0054] - [0073] The paragraphs, Figures 7, 8, and their corresponding explanations describe a method for combining an authentication decision from each of the satellite channels to generate an integrated authentication decision Way; Means for comparing the integrated authentication decisions against a predetermined global threshold to generate an authentication response; Means for combining authentication decisions from each satellite channel as the authentication decisions become available to generate an integrated authentication decision; And means for comparing the integrated authentication decision against a predetermined global threshold to generate an authentication response.

The methods and mobile devices described herein may be implemented by various means depending on the application. For example, these methods may be implemented in hardware, firmware, software, or a combination thereof. For a hardware implementation, the processing units may be implemented as one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays A processor, a controller, a micro-controller, a microprocessor, an electronic device, other electronic units designed to perform the functions described herein, or a combination thereof. Here, the term "control logic" includes logic implemented by software, hardware, firmware, or a combination thereof.

In a firmware and / or software implementation, the methods may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described herein. Any machine readable medium containing tangibly the instructions may be used to implement the methods described herein. For example, the software codes may be stored in memory and executed by the processing unit. The memory may be implemented within the processing unit or outside the processing unit. As used herein, the term "memory" refers to any type of long term, short term, volatile, non-volatile, or other storage devices and includes any particular type of memory or number of memories, But is not limited to.

When implemented in firmware and / or software, the functions may be stored as one or more instructions or code on a computer readable medium. Examples include a computer readable medium encoded with a data structure and a computer readable medium encoded with a computer program. The computer readable medium may take the form of an article of manufacture. Computer readable media include physical computer storage media and / or other non-volatile media. The storage medium may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can be stored in the form of RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, And may be any other medium that can be accessed by a computer, and as used herein, a disk and a disc may be referred to as a compact disk (CD), a laser disk, Disk, a digital versatile disk (DVD), a floppy disk and a Blu-ray disk, wherein the disk generally reproduces the data magnetically, and the disk optically reproduces the data with a laser . Combinations of the above should also be included within the scope of computer readable media.

In addition to storage on a computer readable medium, instructions and / or data may be provided as signals on a transmission medium included in a communication device. For example, the communication device may include a transceiver having signals indicative of instructions and data. The instructions and data are configured to cause one or more processors to implement the functions outlined in the claims. That is, the communication device includes a transmission medium having signals indicative of information for performing the disclosed functions. At a first time, a transmission medium included in a communication device may include a first portion of information to perform the disclosed functions, while at a second time, a transmission medium included in the communication device is configured to perform the functions And may include a second portion of the information.

The present disclosure may be implemented with various wireless communication networks, such as a wireless wide area network (WWAN), a wireless local area network (WLAN), a wireless personal area network (WPAN) The terms "network" and "system" are often used interchangeably. The terms " position "and" location "are often used interchangeably. The WWAN may be a code division multiple access (CDMA) network, a time division multiple access (TDMA) network, a frequency division multiple access (FDMA) network, an orthogonal frequency division multiple access (OFDMA) network, a single carrier frequency division multiple access , Long Term Evolution (LTE) network, WiMAX (IEEE 802.16) network, and the like. A CDMA network may implement one or more radio access technologies (RATs) such as cdma2000, Wideband-CDMA (W-CDMA). cdma2000 may include IS-95, IS-2000, and IS-856 standards. The TDMA network may implement a Global System for Mobile Communications (GSM), Digital Advanced Mobile Phone System (D-AMPS), or some other RAT. GSM and W-CDMA are described in documents from a consortium named "3rd Generation Partnership Project" (3GPP). cdma2000 is described in documents from a consortium named "3rd Generation Partnership Project 2" (3GPP2). 3GPP and 3GPP2 documents are publicly available. The WLAN may be an IEEE 802.11x network, the WPAN may be a Bluetooth network, IEEE 802.15x, or some other type of network. The techniques may also be implemented with any combination of WWAN, WLAN, and / or WPAN. For example, communications between the mobile 304, the server 306, and the authentication consumer 308 may be through any of the networks described above. Also, communications between mobile 504 and server 506 may be through any of the networks described above. The device shown in FIG. 7 may be configured to communicate via any of the networks described above, or an example using antenna 702 and modem 704.

A mobile station may receive and / or receive signals from a cellular or other wireless communication device, a personal communication system (PCS) device, a personal navigation device (PND), a personal information manager (PIM), a personal digital assistant (PDA) Quot; refers to a device such as another suitable mobile device that can do so. The term "mobile station" may also be used to indicate whether reception of satellite signals, reception of support data, and / or position related processing occurs at the device or at the PND - by short-range wireless, infrared, wired connection, It is intended to include devices that communicate with a personal navigation device (PND). A "mobile station" may also be connected to the Internet, Wi-Fi, or other network or the like, regardless of whether the satellite signal reception, support data reception, and / or position- related processing occurs at the device, at the server, Including, but not limited to, wireless communication devices, computers, laptops, and the like, which are capable of communicating with a server via a wireless network. Also, any operable coupling of the above is also considered a "mobile station ".

It is to be understood that a designation or other designation of something that is "optimized," "required," or other designation applies only to systems in which the present disclosure is optimized, or to systems in which " ). These assignments refer only to a specific described implementation. Of course, many implementations are possible. The techniques may be used with protocols other than those discussed herein, including protocols under development or to be developed.

Those skilled in the art will recognize that many possible variations and combinations of the disclosed embodiments may be employed, while still employing the same underlying inherent mechanisms and methods. The foregoing description for purposes of explanation has been written with reference to specific embodiments. It should be understood, however, that the foregoing illustrative discussions are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teachings. The embodiments are chosen and described in order to illustrate the principles of the present disclosure and their practical application and to enable others skilled in the art to best utilize the present disclosure and various modifications as are suited to the particular use contemplated for which the various embodiments are contemplated Respectively.

Claims (40)

Receiving a first set of Y codes from a plurality of satellites;
Generating authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites, wherein generating the authentication decisions comprises: Receiving a second set of Y codes from the plurality of satellites; And correlations between the W code estimates extracted from the first set of Y codes for the satellite channels corresponding to the plurality of satellites and the W code estimates extracted from the second set of Y codes Further comprising generating the authentication decisions; And
And generating an authentication response in accordance with the authentication decisions made for the satellite channels. The method according to claim 1,
Wherein generating the authentication decisions using W code estimates extracted from the first set of Y codes and the second set of Y codes comprises:
Generating a set of P codes corresponding to the plurality of satellites using the first set of Y codes; And
For each Y code associated with a satellite channel, a first W code extraction is performed using the corresponding Y code from the first set of Y codes and the corresponding generated P code to generate a first W code estimate And performing a second W code extraction using the corresponding Y code from the second set of Y codes and the corresponding generated P code to generate a second W code estimate; Correlating the first W code estimate and the second W code estimate to produce a correlation output; And generating an authentication decision for the satellite channel in accordance with the correlation output. 3. The method of claim 2,
Wherein the generating the authentication response comprises:
Combining the authentication decisions from each satellite channel to generate an integrated authentication decision; And
And comparing the integrated authentication decisions against a predetermined threshold to generate the authentication response. The method of claim 3,
Wherein the predetermined threshold is <
The number of satellite channels used in determining the authentication response;
An expected chip error rate of said first W code extraction and said second W code extraction; And
The signal-to-noise ratio
≪ / RTI > The method according to claim 1,
Further comprising transmitting the authentication response to a device requesting authentication of information from the mobile device. The method according to claim 1,
Wherein the generating the authentication response comprises:
Combining the authentication decisions from each of the satellite channels as the authentication decisions become available to generate an integrated authentication decision; And
And comparing the integrated authentication decisions against a predetermined threshold to generate the authentication response. The method according to claim 1,
Wherein generating the authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites comprises:
Generating a set of P codes corresponding to the plurality of satellites using the first set of Y codes;
For each Y code associated with a satellite channel, a first W code extraction is performed using the corresponding Y code from the first set of Y codes and the corresponding generated P code to generate a first W code estimate step;
Receiving a second W code estimate;
Correlating the first W code estimate and the second W code estimate to produce a correlation output; And
And generating an authentication decision in accordance with the correlation output. 8. The method of claim 7,
Wherein the generating the authentication response comprises:
Combining the authentication decisions from each satellite channel to generate an integrated authentication decision; And
And comparing the integrated authentication decisions against a predetermined threshold to generate the authentication response. 9. The method of claim 8,
Wherein the predetermined threshold is <
The number of satellite channels used in determining the authentication response;
An expected chip error rate of the first W code extraction; And
The signal-to-noise ratio
≪ / RTI > 8. The method of claim 7,
And the second W code estimate is received from a trusted server. The method according to claim 1,
Wherein the receiving comprises receiving a first Y code of a first set of Y codes over a first frequency and receiving a second Y code of a first set of Y codes over a second frequency Including,
The method further comprises estimating at least one W code based on a combination of a W code extracted from the first Y code and a W code extracted from the second Y code. The method according to claim 1,
Wherein the generating the authentication decisions comprises:
Receiving inphase and quadrature (I / Q) samples of the signal; And
Further comprising generating the authentication decisions using the W code estimates extracted from the first set of Y codes and the W code estimates extracted from I / Q samples of the signal,
Wherein the authentication decisions indicate whether the source of the signal is authenticated. As an apparatus,
And an authentication module including processing logic,
The processing logic comprises:
Logic configured to receive a first set of Y codes from a plurality of satellites;
Logic configured to generate authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites, wherein the logic configured to generate the authentication decisions comprises: Logic configured to receive a second set of Y-codes from the plurality of satellites via the second set of Y-codes; And correlations between the W code estimates extracted from the first set of Y codes for the satellite channels corresponding to the plurality of satellites and the W code estimates extracted from the second set of Y codes Logic configured to generate the authentication decisions, the logic configured to generate the authentication decisions; And
And logic configured to generate an authentication response in accordance with the authentication decisions made for the satellite channels. 14. The method of claim 13,
Logic configured to generate the authentication decisions using the W code estimates extracted from the first set of Y codes and the second set of Y codes,
Logic configured to generate a set of P codes corresponding to the plurality of satellites using the first set of Y codes; And
For each Y code associated with the satellite channel, a first W code extraction is performed using the corresponding Y code from the first set of Y codes and the corresponding generated P code to generate a first W code estimate Logic configured to perform a second W code extraction using the corresponding generated Y code and the corresponding generated P code from the second set of Y codes to generate a second W code estimate; Logic configured to correlate the first W code estimate and the second W code estimate to produce a correlation output; And logic configured to generate an authentication decision for the satellite channel in accordance with the correlation output. 15. The method of claim 14,
The logic configured to generate the authentication response comprises:
Logic configured to combine the authentication decisions from each satellite channel to generate an integrated authentication decision; And
And logic configured to compare the integrated authentication decisions against a predetermined threshold to generate the authentication response. 16. The method of claim 15,
Wherein the predetermined threshold is <
The number of satellite channels used in determining the authentication response;
An expected chip error rate of said first W code extraction and said second W code extraction; And
The signal-to-noise ratio
/ RTI > is determined based on at least one of < RTI ID = 14. The method of claim 13,
Further comprising logic configured to send the authentication response to a device requesting authentication of information from the mobile device. 14. The method of claim 13,
The logic configured to generate the authentication response comprises:
Logic configured to combine authentication decisions from each of the satellite channels as the authentication decisions become available to generate an integrated authentication decision; And
And logic configured to compare the integrated authentication decisions against a predetermined threshold to generate the authentication response. 14. The method of claim 13,
The logic configured to generate the authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites,
Logic configured to generate a set of P codes corresponding to the plurality of satellites using the first set of Y codes;
For each Y code associated with the satellite channel, a first W code extraction is performed using the corresponding Y code from the first set of Y codes and the corresponding generated P code to generate a first W code estimate Configured logic;
Logic configured to receive a second W code estimate;
Logic configured to correlate the first W code estimate and the second W code estimate to produce a correlation output; And
And logic configured to generate an authentication decision in accordance with the correlation output. 20. The method of claim 19,
The logic configured to generate the authentication response comprises:
Logic configured to combine the authentication decisions from each satellite channel to generate an integrated authentication decision; And
And logic configured to compare the integrated authentication decisions against a predetermined threshold to generate the authentication response. 21. The method of claim 20,
Wherein the predetermined threshold is <
The number of satellite channels used in determining the authentication response;
An expected chip error rate of the first W code extraction; And
The signal-to-noise ratio
/ RTI > is determined based on at least one of < RTI ID = 20. The method of claim 19,
And the second W code estimate is received from a trusted server. 14. The method of claim 13,
The logic configured to receive comprises logic configured to receive a first Y code of the first set of Y codes over a first frequency and to receive a second Y code of the first set of Y codes over a second frequency Comprising configured logic,
Wherein the apparatus further comprises logic configured to estimate at least one W code based on a combination of a W code extracted from the first Y code and a W code extracted from the second Y code. 14. The method of claim 13,
The logic configured to generate the authentication decisions comprises:
Logic configured to receive inphase and quadrature (I / Q) samples of the signal; And
Further comprising logic configured to generate the authentication decisions using the W code estimates extracted from the first set of Y codes and the W code estimates extracted from the I / Q samples of the signal,
Wherein the authentication decisions indicate whether the source of the signal is authentic. A non-transitory medium for storing instructions for execution by one or more computer systems,
The instructions,
Instructions for receiving a first set of Y codes from a plurality of satellites;
Instructions for generating authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites, Instructions for receiving a second set of Y-codes from the plurality of satellites via a second set of Y-codes; And correlations between the W code estimates extracted from the first set of Y codes for the satellite channels corresponding to the plurality of satellites and the W code estimates extracted from the second set of Y codes Instructions for generating the authentication decisions, further comprising instructions for generating the authentication decisions; And
And generating an authentication response in accordance with authentication decisions made for the satellite channels. ≪ RTI ID = 0.0 > 31. < / RTI > Means for receiving a first set of Y codes from a plurality of satellites;
Means for generating authentication decisions using W code estimates extracted from a first set of Y codes for satellite channels corresponding to the plurality of satellites, Means for receiving a second set of Y codes from the plurality of satellites via a second set of Y-codes; And correlations between the W code estimates extracted from the first set of Y codes for the satellite channels corresponding to the plurality of satellites and the W code estimates extracted from the second set of Y codes Means for generating the authentication decisions, further comprising: means for generating the authentication decisions; And
And means for generating an authentication response in accordance with authentication decisions made for the satellite channels. 27. The method of claim 26,
Wherein the means for generating the authentication decisions using the W code estimates extracted from the first set of Y codes and the second set of Y codes comprises:
Means for generating a set of P codes corresponding to the plurality of satellites using the first set of Y codes; And
For each Y code associated with the satellite channel, a first W code extraction is performed using the corresponding Y code from the first set of Y codes and the corresponding generated P code to generate a first W code estimate Means for performing a second W code extraction using the corresponding Y code from the second set of Y codes and the corresponding generated P code to generate a second W code estimate; Means for correlating the first W code estimate and the second W code estimate to produce a correlation output; And means for generating an authentication decision for the satellite channel in accordance with the correlation output. 28. The method of claim 27,
Wherein the means for generating an authentication response comprises:
Means for combining the authentication decisions from each satellite channel to generate an integrated authentication decision; And
And means for comparing the integrated authentication decisions against a predetermined threshold to generate the authentication response. 29. The method of claim 28,
Wherein the predetermined threshold is <
The number of satellite channels used in determining the authentication response;
An expected chip error rate of said first W code extraction and said second W code extraction; And
The signal-to-noise ratio
/ RTI > is determined based on at least one of < RTI ID = 27. The method of claim 26,
Further comprising: means for sending the authentication response to a device requesting authentication of information from the mobile device. 27. The method of claim 26,
Wherein the means for generating an authentication response comprises:
Means for combining authentication decisions from each of the satellite channels as the authentication decisions become available to generate an integrated authentication decision; And
And means for comparing the integrated authentication decisions against a predetermined threshold to generate the authentication response. 27. The method of claim 26,
Means for generating the authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites,
Means for generating a set of P codes corresponding to the plurality of satellites using the first set of Y codes;
For each Y code associated with the satellite channel, a first W code extraction is performed using the corresponding Y code from the first set of Y codes and the corresponding generated P code to generate a first W code estimate Means for;
Means for receiving a second W code estimate;
Means for correlating the first W code estimate and the second W code estimate to produce a correlation output; And
And means for generating an authentication decision in accordance with the correlation output. 33. The method of claim 32,
Wherein the means for generating an authentication response comprises:
Means for combining the authentication decisions from each satellite channel to generate an integrated authentication decision; And
And means for comparing the integrated authentication decisions against a predetermined threshold to generate the authentication response. 34. The method of claim 33,
Wherein the predetermined threshold is <
The number of satellite channels used in determining the authentication response;
An expected chip error rate of the first W code extraction; And
The signal-to-noise ratio
/ RTI > is determined based on at least one of < RTI ID = 33. The method of claim 32,
And the second W code estimate is received from a trusted server. 27. The method of claim 26,
Wherein the means for receiving comprises means for receiving a first Y code of a first set of Y codes over a first frequency and means for receiving a second Y code of a first set of Y codes over a second frequency, Gt;
Wherein the system further comprises means for estimating at least one W code based on a combination of a W code extracted from the first Y code and a W code extracted from the second Y code. 27. The method of claim 26,
Wherein the means for generating authentication decisions comprises:
Means for receiving inphase and quadrature (I / Q) samples of the signal; And
Means for generating the authentication decisions using the W code estimates extracted from the first set of Y codes and the W code estimates extracted from the I / Q samples of the signal,
Wherein the authentication decisions indicate whether the source of the signal is authentic. delete delete delete

Images